15.13 Oracle Portal-Based Security for Backward Compatibility

Prior to 11g Release 1 (11.1.1), Oracle Internet Directory was used for authentication and Oracle Portal for authorization. Oracle Reports 11g Release 1 (11.1.1) accomplishes both authentication and authorization through Oracle Platform Security Services.

For backward compatibility, 11g Release 1 (11.1.1) supports:

  • Security with OracleAS Portal 10g and Portal Classic 11g. You can configure Oracle Portal for authorization using Oracle Enterprise Manager, as described in Section, "Switching to Oracle Portal Security".

  • Users and groups created in 10g Release 2 (10.1.2) identity management (IM).

  • Non-secured mode of operation with Reports Server.

15.13.1 Security Features Provided by Oracle Portal

Oracle Portal provides a number of security features available to Oracle Reports Services that enable you to ensure that the appropriate users are getting important data in a secure fashion. With Oracle Portal security features in place, your users see only the data they're supposed to see.

Use Oracle Portal to control:

  • Who has access to each report

  • When a report can be run

  • Which servers and printers can be used to run a report

  • Which report parameters a user can edit with what range of values

Oracle Portal is a browser-based, data publishing and developing solution that offers Web-based tools for publishing information on the Web and building Web-based, data-driven applications.

Oracle Portal is tightly integrated with Oracle Reports Services to create a robust and secure data publishing environment. Oracle Portal provides easy-to-use wizards for setting up Oracle Reports Services security. These include wizards for defining user access to reports, Reports Servers, printers, output formats, and report parameters.

Once you define access control information, it's stored in the Oracle Portal repository. As an Oracle Portal user, you can then, optionally, publish registered RDFs and JSPs to an Oracle Portal page. As with all Oracle Portal functionality, using Portal to deliver your reports is not required. You can deliver reports through command lines, as you may always have, and still benefit from the access control features available to you through Oracle Portal.

Access to Oracle Reports Services' security features is not dependent on whether you also use Portal to publish report links or report content. Even if you don't publish through Portal, you can still take advantage of the Oracle Reports Services' security features available in Oracle Portal to control user access to all of your reports.

When you expose a report as a portlet through Oracle Portal, Oracle Reports leverages OracleAS Single Sign-On, which eliminates the need for users to enter multiple log ins, first to the portal then to each of the reports exposed through portlets within the portal. With OracleAS Single Sign-On, when you log in, Oracle Portal automatically logs you into all registered portlet providers and subsystems.

For more information, refer to Chapter 16, "Deploying Reports in Oracle Portal".